var express = require('express');
var router = express.Router();
var crypto = require('crypto');
var checkNotLogin = require('../middleware/checkNotLogin');

var mongoose = require('mongoose');
var User = mongoose.model('User');

module.exports = router;

//Login
router.get('/',checkNotLogin, function (req, res) {
  res.render('login',{title:'登录',back:req.query.back,user:req.session.user,success:req.flash('success').toString(),error:req.flash('error').toString()});
});

router.post('/',checkNotLogin, function (req, res) {
  var name=req.body.name,password=req.body.password;
  console.log('login body:',req.body);
  
  if(!name || !password || 'string'!==typeof password){
    req.flash('error','用户名或密码错误！');
    return res.redirect('/login');
  }
  User.getByName(name,function (err, user) {
    if(err){
      req.flash('error','登录查询失败！');
      return res.redirect('/login');
    }
    //console.log('Login>user:',user,req.body.password,password);
    if(!user || user.password!==crypto.createHash('md5').update(password).digest('hex')){
      req.flash('error','用户名或密码错误！');
      return res.redirect('/login');
    }
    req.session.user=user;
    req.flash('success','登录成功！');
    if(req.body.back){//从其它需要登录的页面跳转而来的，返回需要登录之前的页面
      res.redirect(req.body.back);
    }else{
      res.redirect('/');
    }
  },false);
});

